Home

CVE-2018-16847

Description

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.091

Associated Vulnerability

VulnerabilityOS Platform
Machine emulator and virtualizer (USN-3649-1) qemu-system_2.5+dfsg-5ubuntu10.33_i386.debLinux
Machine emulator and virtualizer (USN-3649-1) qemu-system_2.5+dfsg-5ubuntu10.33_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu_2.11+dfsg-1ubuntu7.8_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu_2.11+dfsg-1ubuntu7.8_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu_2.12+dfsg-3ubuntu8.1_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu_2.12+dfsg-3ubuntu8.1_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system_2.0.0+dfsg-2ubuntu1.44_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system_2.0.0+dfsg-2ubuntu1.44_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu_2.5+dfsg-5ubuntu10.33_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu_2.5+dfsg-5ubuntu10.33_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system_2.11+dfsg-1ubuntu7.8_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system_2.11+dfsg-1ubuntu7.8_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system_2.12+dfsg-3ubuntu8.1_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system_2.12+dfsg-3ubuntu8.1_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-arm_2.0.0+dfsg-2ubuntu1.44_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-arm_2.0.0+dfsg-2ubuntu1.44_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system_2.5+dfsg-5ubuntu10.33_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system_2.5+dfsg-5ubuntu10.33_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-ppc_2.0.0+dfsg-2ubuntu1.44_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-ppc_2.0.0+dfsg-2ubuntu1.44_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-x86_2.0.0+dfsg-2ubuntu1.44_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-x86_2.0.0+dfsg-2ubuntu1.44_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-mips_2.0.0+dfsg-2ubuntu1.44_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-mips_2.0.0+dfsg-2ubuntu1.44_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-misc_2.0.0+dfsg-2ubuntu1.44_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-misc_2.0.0+dfsg-2ubuntu1.44_amd64.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-sparc_2.0.0+dfsg-2ubuntu1.44_i386.debLinux
Machine emulator and virtualizer (USN-3826-1) qemu-system-sparc_2.0.0+dfsg-2ubuntu1.44_amd64.debLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-block-curl-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-block-curl-debuginfo-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-debugsource-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-ipxe-1.0.0+-5.5.1.noarch.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-kvm-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-seabios-1.11.0-5.5.1.noarch.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-sgabios-8-5.5.1.noarch.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-tools-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-tools-debuginfo-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-vgabios-1.11.0-5.5.1.noarch.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Desktop 12-SP4 ) qemu-x86-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Server 12-SP4 ) qemu-block-iscsi-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Server 12-SP4 ) qemu-block-iscsi-debuginfo-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Server 12-SP4 ) qemu-block-rbd-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Server 12-SP4 ) qemu-block-rbd-debuginfo-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Server 12-SP4 ) qemu-block-ssh-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Server 12-SP4 ) qemu-block-ssh-debuginfo-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Server 12-SP4 ) qemu-guest-agent-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Server 12-SP4 ) qemu-guest-agent-debuginfo-2.11.2-5.5.1.x86_64.rpmLinux
SUSE-SU-2018:4185-1(SUSE Linux Enterprise Server 12-SP4 ) qemu-lang-2.11.2-5.5.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234